Security Notices

• 2022-05-13 Autovacuum, REINDEX, and others omit security restricted operation sandbox on PostgreSQL
• 2022-04-29 ECDSA signature vulnerability on Java
• 2022-04-21 Several Vulnerabilities in the MySQL Server product
• 2022-03-31 CVE-2022-22965 RCE 0-day exploit found in Spring Framework
• 2022-03-24 ArgoCD Improper access control allows admin privilege escalation (CVE-2022-1025)
• 2022-01-26 Local privilege escalation vulnerability was found on polkit's pkexec utility (CVE-2021-4034)
• 2021-12-10 CVE-2021-44228 RCE 0-day exploit found in log4j
• 2021-10-21 Discourse: RCE via malicious SNS subscription payload
• 2021-10-06 Apache Server 2.4.49 Path traversal and file disclosure vulnerability (CVE-2021-33909 and CVE-2021-42013)
• 2021-07-22 Sequoia (CVE-2021-33909): Linux Kernel filesystem layer Vulnerability
• 2021-01-27 sudo security release: Buffer overflow in command line unescaping
• 2020-09-16 Drupal security releases
• 2020-09-15 CVE-2020-14386 Linux kernel CAP_NET_RAW vulnerability
• 2020-07-03 Apache Guacamole security release (CVE-2020-9497)
• 2020-06-22 Rails CVE-2020-8185 and Rack CVE-2020-8184 security issues
• 2020-06-18 Drupal Core Critical security issues: SA-CORE-2020-005 and SA-CORE-2020-004
• 2020-06-04 GitLab security release 13.0.4, 12.10.9, 12.9.9
• CVE-2020-13379: Grafana incorrect access control vulnerability
• 2020-05-21 CVE-2020-9484: Apache Tomcat Remote Code Execution Vulnerability
• 2020-04-21 OpenSSL segmentation fault in SSL_check_chain (CVE-2020-1967)
• 2020-02-29 Apache JServ Protocol (AJP) (CVE-2020-1938)
• 2019-11-08 WordPress WP-VCD Malware via Pirated Plugins or Themes
• 2019-05-15 MDS attacks against Intel CPUs and Zombieload vulnerability
• 2018-08-06 SegmentSmack (CVE-2018-5309): Linux Kernel TCP Vulnerability
• 2018-07-16 Bitnami Google Launchpad open ports vulnerability
• 2018-01-04 Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) attack
• 2016-10-20 Dirty COW (CVE-2016-5195): Privilege escalation vulnerability in the Linux Kernel
• 2016-09-22 OpenSSL OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
• 2016-08-18 Debian
• 2016-08-18 Off-Path TCP Linux Kernel Vulnerability (CVE-2016-5696)
• 2016-07-18 httpoxy: A CGI application vulnerability (CVE-2016-5385, CVE-2016-5387, CVE-2016-1000110)
• 2016-05-04 ImageTragick: Remote execution vulnerability (CVE-2016-3714)
• 2016-03-01 OpenSSL Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800 and CVE-2016-0703)
• 2016-02-17 glibc getaddrinfo() stack-based buffer overflow (CVE-2015-7547)
• 2016-01-20 Linux kernel vulnerability (CVE-2016-0728)
• 2015-11-16 libpng security issue (CVE-2015-8126)
• 2015-07-09 Alternative chains certificate forgery (CVE-2015-1793)
• 2015-01-27 GHOST: glibc gethostbyname buffer overflow CVE-2015-0235
• 2014-10-15 POODLE issue with SSLv3 (CVE-2014-3566)
• 2014-09-25 Critical security issue in bash (CVE-2014-6271, CVE-2014-7169)
• 2014-06-05 OpenSSL CCS Injection Vulnerability
• 2014-04 Heartbleed Bug
• 2013-11 PHP security issue